Incident response planning defines how an organization handles a data breach or cyberattack. The way an organization responds can carry an enormous financial and reputational cost, and organizations that contain a data breach in less than 30 days save more than $1 million. Unfortunately, only 24 percent of organizations have an incident response plan.
An organization’s failure to have or implement an incident response plan can have serious legal repercussions. Best practices recommend that an incident response plan include at least the following:
- applicable law or regulation,
- data breach trigger,
- person or organization to contact, and/or
- information to include in reporting requirements.
In addition to these four items, two others are essential for a robust incident response plan: preparation for prosecution and attorney-client privilege.
An incident response plan must have a data retention policy in preparation for prosecution. The policy should include specific steps on preserving data and documenting the chain of custody. Without this policy, the cause of the data breach remains unknown and a similar breach could occur again in the future. Additionally, an organization can experience numerous legal repercussions for failing to properly preserve data.